Regular expressions are used to perform string matching. See the following tables for some common examples of regular expressions. To specify a regular expression, add a ".REG." operator before that pattern.
Note: Regular expressions are a powerful string matching tool. For this reason, Trend Micro recommends that administrators who choose to use regular expressions be familiar and comfortable with regular expression syntax. Poorly written regular expressions can have a dramatic negative performance impact. Trend Micro’s recommendation is to start with simple regular expressions that do not use complex syntax. When introducing new rules, use the archive action and observe how MSA manages messages using your rule. When you are confident that the rule has no unexpected consequences, you can change your action.
To create a rule that filters messages that match all conditions defined:
Step 1: Select the type of content rule
1. From the Content Filtering page, click Add.
2. Select Filter messages that match all conditions defined.
3. Click Next.
Step 2: Name your rule and select the message part to filter for keywords 1. Type the name of your rule in the Rule name space.
2. Set the part of the message that MSA filters. MSA can filter messages according to:
• Message header
Type a keyword in the From, To, CC, and/or Subject field to have MSA take action against email messages that contain matching keywords in the
corresponding fields. Separate multiple keywords with a semi-colon (;).
• Attached files
Type a name in the Attachment file name field. MSA takes action against messages that have attachments with the name you specify. Separate multiple keywords with a semi-colon (;).
Protecting Your Microsoft Exchange Servers
Tip: MSA performs Content Filtering before Attachment Blocking.
• Size
Select an option from the Size drop list and type a number to indicate a size in bytes. The maximum amount of digits for this field is 10. MSA cannot filter messages that exceed 2GB.
Note: Client Server Messaging Security for SMB only supports filtering of header and subject content during real-time scans. It does not support filtering of header and subject content during manual and scheduled scans.
3. Click Next.
Step 3: Set the action MSA takes against content that matches the keyword 1. Select an action for MSA to take when it detects undesirable content during a
real-time scan. MSA can perform the following actions when it detects content that matches the rule conditions:
• Quarantine — moves the message to the quarantine directory.
• Delete entire message — deletes the entire email message
• Archive — moves the message to the archive directory and delivers the message to the original recipient
• Pass — delivers the message without triggering any action.
2. Select whether MSA notifies designated individuals when it takes action against undesirable content.
3. Click Next.
Step 4: Set the notifications MSA sends when it takes an action
1. Click on the check boxes corresponding to the people MSA will notify.
2. Click ( ) to customize the notification for that recipient.
3. To set Advanced Notification:
• Click SNMP to send notification by SNMP. Click ( ) to customize the SNMP message.
• Click Write to Windows event log to have MSA write the notification to a Windows event log.
4. Click Finish.
Step 5: Save your configuration Click Save.
To create a rule that monitors message content for a particular email account(s):
Step 1: Select the type of content rule
1. From the Content Filtering page, click Add.
2. Select Monitor the message content of particular email account(s).
3. Click Next.
Step 2: Name your rule and enter the email account(s) you want to monitor 1. Type a name for your rule in the space provided.
2. Type the mailbox address for the email account that you want to monitor. You can monitor an email account located in the From, To, and CC part of the header.
3. Click Next.
Step 3: Select the message part to filter and add keywords
1. Click the message part that you want to filter for undesirable content. MSA can filter email messages by Subject, Body, or Attachment. MSA can support content filtering for Microsoft Office, PDF, and text files.
Note: Client Server Messaging Security for SMB only supports filtering of header and subject content during real-time scans. It does not support filtering of header and subject content during manual and scheduled scans.
2. Type a keyword in the space provided.
• Click Add to add it to the list of keywords that MSA checks when filtering content.
• Click Delete to remove keywords from the list.
Protecting Your Microsoft Exchange Servers
By default, MSA searches for exact matches of the keywords that you add.
3. Click Match case-sensitive to have MSA disregard words that do not match the keyword's case when filtering content.
4. Set up your list of synonyms.
• Click Match synonym to have MSA consider all the synonyms of the keyword when filtering content.
• Click ( ) next to Match synonym to display the list of synonyms. When you select a keyword, all of the keyword’s synonyms display in the Synonyms to exclude list. Use the arrow keys to add and delete synonyms for each corresponding keyword.
5. Click Next.
Step 4: Set the action MSA takes against content that matches the keyword 1. Select an action for MSA to take when it detects undesirable content. MSA can
perform the following actions when it detects content that matches the rule conditions:
• Replace with text/file — replaces the filtered content with a text file.
You cannot replace text from the From, To, CC, or Subject fields.
• Quarantine — moves the message to the quarantine directory.
• Delete entire message — deletes the entire email message
• Archive — moves the message to the archive directory and delivers the message to the original recipient
Note: The actions delete entire message and quarantine are unavailable during manual or scheduled scans.
2. Select whether MSA notifies designated individuals when it takes action against undesirable content.
3. Click Next.
Step 5: Set the notifications MSA sends when it takes an action
1. Click on the check boxes corresponding to the people MSA will notify.
2. On the action page, select the check box for the notification that you want to send to the infected recipient/sender.
3. Click Save.
Protecting Your Microsoft Exchange Servers
To create an exemption rule:
Step 1: Select the type of content rule
1. From the Content Filtering page, click Add.
2. Select Create exemption for particular email account(s).
3. Click Next.
Step 2: Name your rule and enter the email account(s) you want to exempt 1. Type the name of your rule in the Rule name space.
2. Type the email address that you want to exempt from content filtering in the space provided and click Add to add it to the list.
3. When you are satisfied with your list, click Finish.
Step 3: Save your configuration Click Save.